Basic Information

| Field | Value |
|---|---|
| CVSS Score | - |
| CVE ID | - |
| GHSA ID | - |
| EPSS Score | - |
| CWE | - |
| Published | - |
| Updated | - |
| KEV Status | - |
| Technology | - |
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| forkcms/forkcms | composer | < 5.8.3 | 5.8.3 |
The vulnerability stemmed from missing output encoding in several places that handle the `navigation_title` and `title` fields. The patch adds `htmlspecialchars()` in backend `Model.php` methods and replaces unsafe `|raw` filters with `|escape` in the Twig templates. These functions took user-controlled input and wrote it into HTML contexts without neutralization, which created stored XSS vectors. High confidence comes from the direct correlation between the patched locations and the vulnerability description.
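As an added illustration (constructed here, not Fork CMS code), the two patterns the patch changes: a title field concatenated into HTML unencoded versus the same field passed through `htmlspecialchars()`, with the equivalent Twig filter change noted in a comment. The function names and the sample title value are assumptions.

```php
<?php
// Constructed sample: a stored 'navigation_title' value containing markup.
// In the unpatched code this reaches the HTML output unchanged.
$navigationTitle = '<script>alert(1)</script> "Home" & \'About\'';

// Vulnerable pattern (what the unpatched model/templates did): the field is
// placed into an HTML body and an attribute value with no encoding, so any
// markup it contains is parsed by the browser.
function renderNavItemRaw(string $title): string
{
    return '<li><a href="/" title="' . $title . '">' . $title . '</a></li>';
}

// Patched pattern: encode for HTML contexts. ENT_QUOTES also converts single
// quotes, so the value is safe inside quoted attributes as well as in the body;
// ENT_SUBSTITUTE keeps invalid UTF-8 from silently emptying the output.
function encodeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderNavItemEncoded(string $title): string
{
    $safe = encodeHtml($title);
    return '<li><a href="/" title="' . $safe . '">' . $safe . '</a></li>';
}

// The Twig side of the same fix: a template that bypassed escaping with
//   {{ item.navigation_title|raw }}
// is changed to
//   {{ item.navigation_title|escape }}
// which applies the same HTML encoding as htmlspecialchars() above.

echo "Unencoded (vulnerable):\n", renderNavItemRaw($navigationTitle), "\n\n";
echo "Encoded (patched):\n", renderNavItemEncoded($navigationTitle), "\n";
```

Running this shows the first line containing a live `<script>` element and the second containing only `&lt;script&gt;` text, which is the behavioural difference the advisory describes.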